SYNCHOST.EXE ; Trojan Or Not ?

Discussion in 'malware problems & news' started by Kas, Apr 2, 2009.

  1. Kas

    Kas Registered Member

    Joined:
    Sep 29, 2008
    Posts:
    147
    Location:
    Bedfordshire - Rip-Off Britain
    There is a thread on this ;-
    Randy Bell, 23 Nov.2002 No.1 - no replies
    This gives a full explanation of SYNCHOST.EXE by Symantec Security
    =====
    All the Internet and the above post list SYNCHOST.EXE as being registered as Ripjac virus, a Trojan virus that is malicious and causes a breach of privacy by searching and sending out personal information including banking details, passwords etc. The message given is very clear: REMOVE IT IMMEDIATELY.

    Exactly how to detect all the infected files and records, together with their removal involves registry deletions, needing back-up. It does not seem an easy matter.

    It is stated that none of the regular virus and malware products pick up this virus.

    My system shows SYNCHOST.EXE is active. At the time of writing this post, there are FIVE SYNCHOST.EXE showing on the running process list.

    All are down as Company = Microsoft Corporation except one which = Crawler.com. All are User name = NT/Authority/System.
    One sub-divides into iexplore.exe and CToolbar.exe.

    I have AVG 8.0, COMODO IS, Spybot, Spyware Terminator, Spywareblaster, Malwarebytes, CCleaner and Vundofix, plus of course the inbuilt Microsoft/Windows security packs which handle malicious intrusions. NONE of these pick up SYNCHOST.EXE or any of its derivatives as a threat.

    This is most confusing, these processes look genuine enough, yet everybody is saying that SYNCHOST.EXE is a Ripjac virus, highly dangerous and should be deleted immediately.

    I must confess, whilst the consensus of opinion is overwhelming, I just cannot bring myself to believe that these SYNCHOST.EXE processes are rogues. I have never had any reason to suspect that my privacy is being breached and there ARE some contradictions on the Internet when you do enough looking.

    Can I please ask what the Forum experts think about this and IF it is a genuine threat, how can it be removed without wrecking the system operational flow ?
    KAS
     
  2. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Despite being a 6 year old thread, it just might be the ripjack trojan.
    I found another forum with a report of the same process.

    I would be curious what a Prevx CSI scan would bring.
    Or do an online scan from your choice of vendor: Kaspersky, Panda, etc.
     
    Last edited: Apr 2, 2009
  3. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    97,885
    Location:
    U.S.A.
    Kas, according to Symantec, the maker of Norton, the Backdoor.Ripjac risk level is Very Low, perhaps because it's an old infection dating back to 2002. It's not unusual for today's software to concentrate on present dangers, instead of looking back, thus your software's inability to find the culprit.

    As the Tester indicated, online scanners like Kaspersky, ESET, F-Secure, Panda Security and others could be helpful in eradicating Ripjac.

    Before you do that, I would download McAfee Stinger v.10.0.0.482, a free, standalone utility and run a scan. Stinger was very good on old viruses and it's worth a try. If it does not work, use any of the above online scanners. Keep us posted.
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Is it SYNCHOST.EXE or svchost.exe?

    Please make sure.
     
  5. Kas

    Kas Registered Member

    Joined:
    Sep 29, 2008
    Posts:
    147
    Location:
    Bedfordshire - Rip-Off Britain
    Hello Aigle, VERY WELL DONE ! No pulling the wool over your eyes.

    Have you ever heard of the word "illusion" ?
    Definition = something that is not really what it seems to be.

    Well, I looked again at MY process list and by golly it is SVCHOST.EXE which pops up all over the place. My eyes initially saw SYNCHOST.EXE !!
    YES, the lady DID really get sawed in half and walked away in two pieces.

    The net contents all refer to SYNCHOST.EXE as being the RipJac virus.

    I seem to have made a visual bloomer, but am really pleased that MY processes are SVC and not SYNC. In small print the V looks like a Y. The rest is an illusion.

    I suppose technically my thread is still valid since it deals with SYNCHOST.EXE being a virus, something which is not exactly undisputed on the net, but if I had not been visually misguided, I would not have raised it.

    Thanks for spotting it. You don't wear those huge thick lenses, do you?

    As you are so eagle-eyed at seeing small differences - could you please see if you can find my bank interest credit if I send you my statement. It must be there somewhere but I cannot find it.
    KAS
     
  6. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    97,885
    Location:
    U.S.A.
  7. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Hmmm. Glad to know that it is solved.

    Thanks. I sometimes wear glasses but not huge. :) But let me assure you it's just a common happening.
     
  8. Kas

    Kas Registered Member

    Joined:
    Sep 29, 2008
    Posts:
    147
    Location:
    Bedfordshire - Rip-Off Britain
    Hi Aigle my optical consultant,

    I apologise to all Wilders Wizards for wasting their time due to my illusion between SYNCH and SVCH. Well these things do happen. What about all those Masters Degree with Honors super-brained fighter pilots who swear on oath that they have been chased by Flying Saucers ?

    I suppose a good example of illusion is this ;-

    Quasimodo being chased by a crowd of kids and yelling -
    'Bugger off, I haven't got your football'
    KAS
     
  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Hmm.... nothing so big. That's OK.
     